CISA Warns of Critical ICS Vulnerabilities – Patch Now

Summary

– CISA has issued advisories about vulnerabilities in Industrial Control Systems (ICS) products from vendors like Johnson Controls, ABB, Hitachi Energy, and Schneider Electric.
– The affected sectors include commercial facilities, energy, transportation, manufacturing, and healthcare.
– The vulnerabilities range in severity, with one critical (CVSS 9.1), most high (8.2–8.7), and one medium (6.1).
– Hitachi Energy Asset Suite vulnerabilities could allow unauthorized access, remote code execution, or privilege escalation.
– A healthcare-sector vulnerability (CVE-2024-22774, CVSS 8.5) affects Panoramic Digital Imaging Software and enables DLL hijacking; no known exploits have been reported.

Critical security flaws in industrial control systems have prompted urgent warnings from cybersecurity authorities, putting multiple industries at risk of potential cyberattacks. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued multiple advisories detailing vulnerabilities affecting products from major industrial technology providers, including Johnson Controls, ABB, Hitachi Energy, and Schneider Electric. These weaknesses could impact operations across energy grids, manufacturing plants, transportation networks, and healthcare facilities.

Among the identified threats, one vulnerability stands out with a critical CVSS v4 score of 9.1, while most others rank as high-severity risks with scores between 8.2 and 8.7. A single medium-severity flaw scored 6.1, but even this poses significant concerns given the sensitive nature of industrial systems.

One particularly concerning advisory (ICSA-25-196-01) highlights multiple security gaps in Hitachi Energy’s Asset Suite, including its mobile app and core software versions. Exploiting these flaws could let attackers bypass authentication, execute malicious code remotely, or gain elevated system privileges. The affected components include:

  • Asset Suite AnyWhere for Inventory (AWI) Android app (versions 11.5 and earlier)

Separately, a vulnerability in Panoramic Digital Imaging Software (version 9.1.2.7600) has raised alarms in healthcare. Rated 8.5 on the CVSS scale, this flaw enables DLL hijacking attacks, potentially granting attackers SYSTEM-level access through a deprecated third-party SDK. While no active exploits have been reported, the outdated component leaves systems exposed.

CISA urges administrators to immediately review the latest advisories and apply recommended patches or mitigations. The agency published these alerts between July 15-17, 2025, with detailed technical guidance available through their official channels. Organizations relying on these industrial systems should prioritize vulnerability assessments to prevent disruptive breaches.

(Source: NewsAPI Cybersecurity & Enterprise)
